Safer way to use REST API in Access?

Hi All!

Recently we’ve been trying to start grabbing data out of Epicor for use in other applications. I’ve been working on setting up a web service to forward requests using our own authentication, but since that hasn’t been setup yet, I had/have to find another way to do that in Access for the time being. We can’t use OData for this as we don’t have an SSL cert setup on the Epicor server so Microsoft Office products will not grab data from it. I have a workaround for this, but currently I am putting clear credentials in a macro. Is there a more secure way I can do this at the moment?

I feel like I need to ask… but… Why Access???

However to your question,

You could prompt the users for their credentials via a VBA form when they need to do something. That would be better than hard coding it in a vba file.

Also ‘Certify the Web’ will let you valid cert your IIS site for Epicor REALLY easily.

Eventually we will be getting a valid cert on the Epicor server, but we are under an umbrella with an off-site hosting location, and we don’t have access to that server. There’s a lot of approvals and other stuff that has to happen before we can do the cert.

Haha I feel you, but sadly its just not in the realm of possibilities right now for me to not be using access. I can’t prompt users for credentials because they work in the shop and won’t have epicor credentials.

Then it seems you are already doing what you can. The fact that access is the interface you are being forced on says there’s a lot bigger problems to worry about than a plain text password in a vba macro file.

Password protect your acccess code behind and move on